PF Chang's investigating report of data breach at its restaurants

The popular Asian restaurant chain said it was looking into a report that unknown hackers stole customers' credit and debit card information and put it up for sale on the Internet.

Security blogger Brian Krebs wrote Tuesday that banks have reported data being pilfered from P.F. Chang's locations in Florida, Maryland, New Jersey, Pennsylvania, Nevada and North Carolina.

Krebs gained attention late last year when he revealed the massive data breach at the Target retail chain.

The P.F. Chang's breach occurred between the end of March and May 19, according to Krebs. Card data was being offered on a website favored by the Target hackers for $18 to $140 per card, Krebs reported.

"The items for sale are not cards, per se, but instead data copied from the magnetic stripe on the backs of credit cards," Krebs wrote. "The most common way that thieves steal this type of card data is by hacking into cash registers at retail locations and planting malicious software."

The company issued a statement saying it was looking into the matter.

"P.F. Chang's takes these matters very seriously and is currently investigating the situation, working with the authorities to learn more," the statement said. "We will provide an update as soon as we have additional information."

The alleged data intrusion suggests the willingness of hackers to go after relatively small companies.

Advertisement

P.F. Chang's has about 200 locations in the U.S. and abroad. The Scottsdale, Ariz.-based company was acquired by private equity firm Centerbridge Partners for $1.05 billion in 2012.

The company also operates Pei Wei Asian Diner, a more casual Asian restaurant chain with more than 170 U.S. locations.

Intruding on smaller chains can be more difficult than breaching a larger company where there are more ways to gain electronic access, said Ryan Burnheimer, vice president of business development for Trusted Sec, a security consulting firm.